CVE-2013-4900
published 2013-09-09CVE-2013-4900: Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via…
PriorityP339medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
4.11%
89.5th percentile
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| twilightcms | twilight_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
DeWeS 0.4.2 - Directory Traversal
exploitdb·2013-08-22·CVSS 5.0
CVE-2013-4900 [MEDIUM] DeWeS 0.4.2 - Directory Traversal
DeWeS 0.4.2 - Directory Traversal
---
Advisory ID: HTB23167
Product: DeWeS web server (Twilight CMS)
Vendor: Strata Technologies LLC
Vulnerable Version(s): 0.4.2 and probably prior
Tested Version: 0.4.2
Vendor Notification: July 24, 2013
Public Disclosure: August 21, 2013
Vulnerability Type: Path Traversal [CWE-22]
CVE Reference: CVE-2013-4900
Risk Level: Medium
CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
Advisory Details:
High-Tech Bridge Security Research Lab discovered path traversal vulnerability in DeWeS web server that is supplied in package with Twilight CMS (Windows version), which can be exploited to read arbitrary files on vulnerable system.
1) Path Traversal in DeW
Exploit-DB
Twilight CMS - DeWeS Web Server Directory Traversal
exploitdb·2013-08-21
CVE-2013-4900 Twilight CMS - DeWeS Web Server Directory Traversal
Twilight CMS - DeWeS Web Server Directory Traversal
---
source: https://www.securityfocus.com/bid/61906/info
Twilight CMS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Twilight CMS 0.4.2 is vulnerable; other versions may also be affected.
nc [www.example.com] 80 GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini HTTP/1.1
nc [www.example.com] 80 GET demosite/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/TwilightCMS/Sites/company_site
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2013-08/0126.htmlhttp://secunia.com/advisories/54404http://www.exploit-db.com/exploits/27777https://www.htbridge.com/advisory/HTB23167http://archives.neohapsis.com/archives/bugtraq/2013-08/0126.htmlhttp://secunia.com/advisories/54404http://www.exploit-db.com/exploits/27777https://www.htbridge.com/advisory/HTB23167
2013-09-09
Published